24 Jun 09 Google fix critical chrome bug
The Enquirer reports that Google has fixed up a vulnerability in it’s latest release – 2.0.172.33
Writing in its bog, Google said that if a pesky hacker got ahold of it, they could crash the browser or run code with the privileges of the logged-on user.
Exploiting the security flaw would require luring the user to a poisoned web site, but Google did not provided any other details.
Whilst it’s a pretty large hole, google’s internal security team found it and not an outside hacker so it’s nice to see the security guys at google doing their jobs.
Tags: chrome security, critical, updates
04 Sep 08 First Security Flaw in Chrome
It was bound to come along sooner rather than later and readwriteweb.com reports on how Google Chrome’s download feature can be exploited by hackers.
The flaw has got to do with Chrome’s lax downloading policy. When a user downloads a file and clicks the tab below (below) to open it, it is opened straight away without any prompts or warning.
For a demo of what i’m talking about check out this file (don’t worry, nothing in it, just a demo). It was compiled by security expert Aviv Raff.
Apparently it was a known bug in WebKit (the framework behind Chrome). Safari patched up this issue months ago, but Google were using an old WebKit version to work with Chrome and hence the problem.
